Bring in egulias/EmailValidator for RFC compliant email address validation

For reference, this is the Symfony commit that started using this library: https://github.com/symfony/symfony/commit/3368630482c0f5f5c0ebaf08e64347....

Ideally, this would be fixed in PHP but sadly, that is not a realistic expectation. It seems like a lot of extra code but in general, I prefer to add a library rather than having to subclass Symfony to change its behavior. I'm not thrilled with it but all things considered, I'm ok with adding this library.

Unassigning Dries, since he answered in #7.

Edit: nevermind.

+1 in general. PHP core always lacked behind reality, and any amount of PCRE is not able to reliably deal with advanced characteristics like IDNs, IPv6, etc.pp.

That said, I didn't really study the library's code, so I don't want to RTBC.

Lastly, it would be great to adjust our .gitignore to exclude:

core/vendor/**/tests

We really don't need all of those upstream tests in our repo at all.

Updated patch to the newer 1.2.0 release of the library.

Here's the relevant code from Symfony's upgrade to 2.5:

diff --git a/core/vendor/symfony/validator/Symfony/Component/Validator/Constraints/EmailValidator.php 
-        $valid = filter_var($value, FILTER_VALIDATE_EMAIL);
...
+        if ($constraint->strict && class_exists('\Egulias\EmailValidator\EmailValidator')) {
+            $strictValidator = new StrictEmailValidator();
+            $valid = $strictValidator->isValid($value, false);
+        } elseif ($constraint->strict === true) {
+            throw new \RuntimeException('Strict email validation requires egulias/email-validator');
+        } else {
+            $valid = preg_match('/.+\@.+\..+/', $value);
+        }

#7 answers that we don't want to override this class, but I'm sitting here at TCDrupal near alexpott and he's asking what would be wrong with just allowing the very permissive regex at the bottom to operate.

Re #19: why does this issue need to be blocked on that? What's the relationship between the two?

link to comments

Also the front-end HTML5 validation has diff results in diff browsers, therefore adding users programmatically may not pass frontend checking.

http://trac.webkit.org/browser/trunk/Source/WebCore/html/EmailInputType....
http://hg.mozilla.org/mozilla-central/file/805aff291ec2/content/html/con...

Rerolling... There were conflicts in the composer.lock and core/vendor/composer/installed.json files.

This patch is holding up at least 2 criticals, so it is critical.

This patch is in-scope and does exactly what it says. It is agreed in the parent issue that this library is necessary to provide strict email address validation with Symfony 2.5+.

See #2278353-79: Update to Symfony 2.5: @dawehner @berdir and I discussed the email validation question on IRC and concluded that since valid_email_address() still exists and uses filter_var() then it makes no sense to have the validator class act differently. Because of that, I propose we add a new validator that overrides Symfony's that does filter_var().

This issue should be considered an upgrade to email validation.

Why not simply update valid_email_address() to use the constraint as well?

@fago Personally, I like that idea. We should do that. But I don't want Symfony 2.5 to depend on this issue.

Dries rejected #31 in #7.

The question that's left here is whether to add the library or do what alexpott asked about in #16 (I typed up the comment, but it was his question): use the fallback to the very permissive regex check in core, and allow contrib modules or sites that want the robust validation to add the library themselves.

I think #26 might be a good answer to not falling back to the very permissive regex: i.e., you could enter an address on one browser/device that will fail client-side validation on another one.

So, assigning this one to alexpott to see if that answers his question adequately, or if he wants to kick it back to us, or to Dries.

Committed 8071855 and pushed to 8.0.x. Thanks!

Testing 10000 iterations with fabien@symfony.com
0.082918167114258 seconds with filter_var
0.44279789924622 seconds with EmailValidator + instantiation
0.42330503463745 seconds with EmailValidator once instanced

Ran https://github.com/egulias/EmailValidator/blob/master/tests/egulias/Perf... considering this will not be run 100's of times per request.

#2343043: valid_email_address() should use egulias/EmailValidator and become deprecated